You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2020/01/07 15:03:48 UTC
[GitHub] [incubator-superset] MattSmith46 opened a new issue #8932: Superset
to use both Local authentication plus OAuth authentication
MattSmith46 opened a new issue #8932: Superset to use both Local authentication plus OAuth authentication
URL: https://github.com/apache/incubator-superset/issues/8932
Hello I have setup superset to authenticate with Auth0 over OAuth and everything working fine on that end. The question that I have is that while connecting with Auth0 is working well I'm not able to login as an administrator and make any administration changes. Wanted to know if there is a way to use both local login for the admin account and OAuth login for user accounts. Below is my current code.
**superset_config.py**
```
ROW_LIMIT = 5000
SUPERSET_WORKERS = 4
SUPERSET_WEBSERVER_PORT = 8088
import os
import logging
from flask_appbuilder.security.manager import AUTH_OID, AUTH_REMOTE_USER, AUTH_DB,
AUTH_LDAP, AUTH_OAUTH
from custom_sso_security_manager import CustomSsoSecurityManager
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
basedir = os.path.abspath(os.path.dirname(__file__))
AUTH_TYPE = AUTH_OAUTH
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Gamma"
PUBLIC_ROLE_LIKE_GAMMA = True
OAUTH_PROVIDERS = [{
'name':'auth0',
'token_key': 'access_token',
'icon':'fa-google',
'remote_app': {
'consumer_key': '',
'consumer_secret': '',
'request_token_params': {
'scope': 'openid email profile'
},
'base_url': '',
'access_token_url': '/oauth/token',
'authorize_url': '/authorize',
'access_token_method':'POST',
}
}]
```
**custom_sso_security_manager.py**
```
from superset.security import SupersetSecurityManager
import logging
logger = logging.getLogger('auth0_login')
class CustomSsoSecurityManager(SupersetSecurityManager):
def oauth_user_info(self, provider, response=None):
if provider == 'auth0':
res = self.appbuilder.sm.oauth_remotes[provider].get('userinfo')
if res.status != 200:
logger.error('Failed to obtain user info: %s', res.data)
return
me = res.data
logger.debug(" user_data: %s", me)
prefix = 'Superset'
return {
'username' : me['email'],
'name' : me['name'],
'email' : me['email'],
'first_name': me['given_name'],
'last_name': me['family_name'],
}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] stale[bot] commented on issue #8932: Superset
to use both Local authentication plus OAuth authentication
Posted by GitBox <gi...@apache.org>.
stale[bot] commented on issue #8932: Superset to use both Local authentication plus OAuth authentication
URL: https://github.com/apache/incubator-superset/issues/8932#issuecomment-612313274
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. For admin, please label this issue `.pinned` to prevent stale bot from closing the issue.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] imvemuri commented on issue #8932: Superset to
use both Local authentication plus OAuth authentication
Posted by GitBox <gi...@apache.org>.
imvemuri commented on issue #8932: Superset to use both Local authentication plus OAuth authentication
URL: https://github.com/apache/incubator-superset/issues/8932#issuecomment-574410054
If you want to login as Admin then change the default role from 'Public' to 'Admin'. To do this add **AUTH_USER_REGISTRATION_ROLE = 'Admin'** in superset_config.py or config.py. Doing so, would register all new users as Admins.
If you just want to change the permission of a single user then just update the corresponding user record in **ab_user_role** to admin role which I believe is mapped to 1.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] augier commented on issue #8932: Superset to
use both Local authentication plus OAuth authentication
Posted by GitBox <gi...@apache.org>.
augier commented on issue #8932: Superset to use both Local authentication plus OAuth authentication
URL: https://github.com/apache/incubator-superset/issues/8932#issuecomment-584139963
Also wondering the same. I'd like to be able to use OAUTH as primary mechanism but to also enable basic auth for some special users.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] Ryouku commented on issue #8932: Superset to use both Local authentication plus OAuth authentication
Posted by GitBox <gi...@apache.org>.
Ryouku commented on issue #8932:
URL: https://github.com/apache/superset/issues/8932#issuecomment-818634544
Hello @CaptainHoangLe,
Superset (it's a Flask backend in fact) provides tools (or code blocks if you will) to build an authorization system that you prefer.
However, this is not a standard, pre-built solution and here you have to implement it yourself.
This is not a difficult task, you would be able to find on the Internets or SO something along the line "flask multiple sign-in options form", implement your custom security manager, create templates and you are good to go.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] Ryouku commented on issue #8932: Superset to
use both Local authentication plus OAuth authentication
Posted by GitBox <gi...@apache.org>.
Ryouku commented on issue #8932: Superset to use both Local authentication plus OAuth authentication
URL: https://github.com/apache/incubator-superset/issues/8932#issuecomment-577050300
I think this is more generalised request/question than just change the user role using DB. Most applications offers at least few sign-in methods - Google Auth, DB Auth and similar available at the same time.
What @MattSmith46 says is that he needs to have two of sign-in options available at the same time and the way superset is built - it does not allow this to happen using possible configuration options.
However, if you would create a few controllers and add routes/views to them, I think you would be able to have sign-in forms displayed. Not sure about the credentials/DB handling, but you can override the logic in your custom security_manager and explicitly define the logic for the DB Auth (as it is simple user/credentials check and authentication using `login_user(user)`.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] CaptainHoangLe edited a comment on issue #8932: Superset to use both Local authentication plus OAuth authentication
Posted by GitBox <gi...@apache.org>.
CaptainHoangLe edited a comment on issue #8932:
URL: https://github.com/apache/superset/issues/8932#issuecomment-819339835
> custom security manager, create templates and you are good to go.
I am new bie. I am having trouble with how to pass AUTH_TYPE from choosing in jinja template to file config.py.
my template belows
and i rended this template before login
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] stale[bot] closed issue #8932: Superset to use
both Local authentication plus OAuth authentication
Posted by GitBox <gi...@apache.org>.
stale[bot] closed issue #8932: Superset to use both Local authentication plus OAuth authentication
URL: https://github.com/apache/incubator-superset/issues/8932
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] nitacekarki commented on issue #8932: Superset to use both Local authentication plus OAuth authentication
Posted by GitBox <gi...@apache.org>.
nitacekarki commented on issue #8932:
URL: https://github.com/apache/incubator-superset/issues/8932#issuecomment-632623857
Hello All,
I am unable to login via 0Auth, can you help me out?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] CaptainHoangLe commented on issue #8932: Superset to use both Local authentication plus OAuth authentication
Posted by GitBox <gi...@apache.org>.
CaptainHoangLe commented on issue #8932:
URL: https://github.com/apache/superset/issues/8932#issuecomment-818621314
Dear All !
Can i switch between 2 login methods in screen login ? Can you help me ,please? Thanks all
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [incubator-superset] issue-label-bot[bot] commented on issue #8932:
Superset to use both Local authentication plus OAuth authentication
Posted by GitBox <gi...@apache.org>.
issue-label-bot[bot] commented on issue #8932: Superset to use both Local authentication plus OAuth authentication
URL: https://github.com/apache/incubator-superset/issues/8932#issuecomment-571624565
Issue-Label Bot is automatically applying the label `#question` to this issue, with a confidence of 0.82. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!
Links: [app homepage](https://github.com/marketplace/issue-label-bot), [dashboard](https://mlbot.net/data/apache/incubator-superset) and [code](https://github.com/hamelsmu/MLapp) for this bot.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] CaptainHoangLe commented on issue #8932: Superset to use both Local authentication plus OAuth authentication
Posted by GitBox <gi...@apache.org>.
CaptainHoangLe commented on issue #8932:
URL: https://github.com/apache/superset/issues/8932#issuecomment-819339835
> custom security manager, create templates and you are good to go.
I am new bie. I am having trouble with how to pass AUTH_TYPE from choosing in jinja template to file config.py.
my template belows
and i rended this template before login
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org